Every time I type a URL in the address bar, it won't go to the page. It will have http:///?%20www.web page name. I'm unable to go to any webpage at all. I have run Ad-Aware and Spybot S&D. I have searched all the search engines, but there is no such thing on them. Can you help me? :rolleyes:
cajunsunshine 0 Newbie Poster
dlh6213 27 Posting Maven Team Colleague
It sounds like your browser has been hijacked; get Hijackthis from here:
http://www.merijn.org/files/hijackthis_sfx.exe
Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.
cajunsunshine 0 Newbie Poster
Reply from cajunsunshine
Logfile of HijackThis v1.99.0
Scan saved at 6:48:29 PM, on 2/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\scvhosting.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Brian\Application Data\bf????.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files 2\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Aorb] C:\Documents and Settings\Brian\Application Data\x????.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Ltho] C:\Documents and Settings\Brian\Application Data\bf????.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D2762E7-00C3-4608-AF1A-BD6D2F390804}: NameServer = 205.152.132.235 205.152.37.254
dlh6213 27 Posting Maven Team Colleague
Remember to close all browser windows when scanning with hijackthis (you had IE and Mozilla open when you did that scan).
Do you have any idea what this is?
C:\Documents and Settings\Brian\Application Data\bf????.exe <---
I strongly suspect it's not good; if you're not sure, find it, right-click on it, go to Properties, and post all the info on it you can find.
Scan with HJT and have it fix the following entries:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)
Close all windows other than hijackthis before hitting the Fix button.
Reboot into Safe Mode
Go to the indicated folder and delete the highlighted files:
C:\WINDOWS\System32\qnjtji.exe
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\System32\m?iexec.exe
Do a search for, and delete any instances found of:
videosd32.exe
scvhosting.exe
Reboot normally, close all browser windows, scan with HJT, and post a new log please.
cajunsunshine 0 Newbie Poster
THIS IS THE NEWEST HIJACK LOG. I CLOSED ALL WINDOWS THIS TIME, SORRY ABOUT THAT.
Also I found out about C://Documents and Settings/Brian/Application Data/bfcyoo.exe. It is under the registry key:
HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SEARCH ASSISTANT/ACMru/5603 (name-000, type-REG_SZ, data, bfcyoo.exe). I did a search and was unable to find it anywhere else.
Logfile of HijackThis v1.99.0
Scan saved at 8:11:33 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\scvhosting.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Documents and Settings\Brian\Application Data\bf????.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Aorb] C:\Documents and Settings\Brian\Application Data\x????.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Ltho] C:\Documents and Settings\Brian\Application Data\bf????.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: (HKLM)
:rolleyes:
cajunsunshine 0 Newbie Poster
This is the very last hijack log I've done here at 9:30 pm. I didn't do it right in the last reply I made to you. Here it is -------
Logfile of HijackThis v1.99.0
Scan saved at 9:27:56 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.mozilla.org
cajunsunshine 0 Newbie Poster
11:19 PM Sunday night
Last Post Tonight--------Everything is back to normal. Thanks so much. Have a great evening. cajunsunshine.
dlh6213 27 Posting Maven Team Colleague
Looks like you went ahead and fixed a few things on your own there :)
Looks good to me, let us know if you have any more problems
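One way to check a rescan against the list of entries marked for fixing earlier in this thread, as an added example that is not part of the original posts. The function names are made up for illustration, and the sample strings are shortened excerpts of the logs posted above, not the full logs.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2)))
    return found

def compare_scans(fix_list, rescan):
    """Check a rescan against the entries that were marked for fixing."""
    wanted, now = parse_entries(fix_list), parse_entries(rescan)
    return {
        "still_present": sorted(wanted & now),    # fix did not take, or was not run
        "removed": sorted(wanted - now),          # gone from the rescan
        "not_in_fix_list": sorted(now - wanted),  # left for the helper to review
    }

# Excerpts copied from the logs in this thread (shortened, not the full logs).
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 213.159.117.133
"""
SCAN_811PM = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O15 - Trusted Zone: *.windupdates.com
"""
SCAN_927PM = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
O15 - Trusted Zone: *.mozilla.org
"""

if __name__ == "__main__":
    for name, scan in (("8:11 PM", SCAN_811PM), ("9:27 PM", SCAN_927PM)):
        result = compare_scans(FIX_LIST, scan)
        print(name, "still present:", len(result["still_present"]))
        for section, detail in result["not_in_fix_list"]:
            print("  not in fix list:", section, detail)
```

Run on the excerpts, the 8:11 PM scan still carries four of the five listed entries, while the 9:27 PM scan carries none of them.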
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
damjan_hr 0 Newbie Poster
Try RemoveIT Pro to clean your computer; it has many popular malicious files in its database.